Application Number 09/900,494 

Responsive to Office Action mailed September 29, 2004 



AMENDMENTS TO THE CLAIMS 
This listing of claims will replace all prior versions, and listings, of claims in the application. 
Listing of Claims: 

Claim 1 (Currently Amended): A load balancing SSL acceleration device, comprising:
a processor, memory and communications interface; 

a TCP communications manager capable of interacting with a plurality of client devices 
and server devices simultaneously via the communications interface;

a secure communications manager to negotiate a secure communication session with one
of the client devices;

an encryption and decryption engine instructing the processor to encrypt decrypt data 
received via the from a secure communications session and direct the decrypted data it to one of
said server devices via a said second communication session; and

a load balancing engine associating ones each of said client devices with a respective one 
ones of said servers devices for a communications session based on calculated processing loads 
of each said server devices.

Claim 2 (Currently Amended): The device of claim 1 wherein the TCP communications 
manager provides an IP address of an enterprise to said secure communications manager, and 
each of said plurality of servers devices is associated with the enterprise. 

Claim 3 (Currently Amended): The device of claim 2 wherein the secure communications 
manager negotiates a secure communication[[s]] session with each of said plurality of client
devices over an open network. 

Claim 4 (Currently Amended): The device of claim 3 wherein the TCP communications
manager negotiates a separate, open communications session with one of the plurality of servers 
devices associated with the enterprise for each secure communications session negotiated with 
the a client devices based on the associations of said client devices to said server devices by said
load balancing engines.

Claim 5 (Currently Amended): The device of claim ITJ4]] wherein the encryption and 
encryption decryption engine decrypts the data on a packet level by decrypting packet data 
received on the communications interface via a the secure communications session to extract a
secure record, decrypting decrypts application data from the secure record in the packet data, and
outputting the decrypted application data from the secure record to the one of said server devices
via the second communication session without processing the application data with an
application layer of a TCP/IP stack and maps the data to an appropriate TCP session.

Claim 6 (Currently Amended): The device of claim 5 wherein the load-balancing engine
selects the second communication session appropriate TCP session is selected by the
load-balancing engine.

Claim 7 (Currently Amended): The device of claim 12 wherein the TCP communications 
manager responds to TCP communications negotiations directly for an the enterprise. 

Claim 8 (Currently Amended): The device of claim 31^ 

wherein the TCP communications manager receives packets from the client devices, and 
wherein the TCP communications manager changes a destination IP addresses for each

the packets to IP addresses for the a server devices for each session.

Claim 9 (Currently Amended): The device of claim 8,,

wherein the TCP communications manager maintains TCP communication sessions with 
the server devices, and 

wherein therein the secure communications manager engine negotiates a secure
communication session for each TCP communications session. 

Claim 10 (Original): The device of claim 9 wherein the secure communications manager 
responds to all secure communications with each client device. 

Claim 11 (Currently Amended): The device of claim 9 wherein the secure communications
manager changes a destination IP address for[[e]] each packet to a server IP address for each 

Claim 12 (Currently Amended): A method for performing SSL acceleration of data
communications between a plurality of customer devices attempting to communicate with an 
enterprise having a plurality of servers, comprising: 

providing an intermediate acceleration device enabled for secure communication with the 
customer devices, wherein the acceleration device has having an IP address associated with the
enterprise; 

receiving with the acceleration device communications directed to the enterprise in a 
secure protocol from one of the customer devices; 

decrypting data packets of the secure protocol with the acceleration device to provide 
decrypted packet data; 

selecting with the acceleration device at least one of the plurality of servers in the 
enterprise based on a load calculation including processing sessions of other servers in the 
enterprise and associating the selected server with a communications session from the one of the
clients; and

forwarding the decrypted packet data from the acceleration device to the selected server 
of the enterprise. 

Claim 13 (Original): The method of claim 12 further including the steps of:
receiving application data from the selected server of the enterprise; 
encrypting the application data received from the selected server; and 
forwarding encrypted application data to the customer device. 

Claim 14 (Currently Amended): The method of claim 12 43 wherein the step of receiving 
secure communications directed to the enterprise includes receiving with the device 
communications having a destination IP address of the enterprise. 

Claim 15 (Currently Amended): The method of claim 12 44 further including the step of
negotiating the secure protocol session with the customer device by responding as the enterprise 
to the customer devices. 

Claim 16 (Currently Amended): The method of claim 12 44 further wherein the step of 
forwarding comprises: 

modifying the a destination IP address of data packets from the an IP address associated
with the enterprise IP to an IP address for the selected server. 

Claim 17 (Currently Amended): The method of claim 1244 wherein the step of forwarding 
comprises: 

establishing an open communication session from the acceleration device to with the
selected server, and 

mapping the decrypted packet data to the an open communication[[s]] session established
with the selected server. 

Claim 18 (Currently Amended): The method of claim 17 wherein the open 
communication[[s]] session is established via a secure network. 

Claim 19 (Currently Amended): The method of claim 12 wherein the step of receiving
comprises: 

receiving SSL encrypted data having a length greater than a TCP segment carrying said
data; and 

wherein said step of decrypting comprises; 

buffering the SSL encrypted data in a memory buffer in the SSL accelerator
acceleration device, the buffer having a length equivalent to the block cipher size 
necessary to perform the cipher; and 

decrypting the buffered segment of the received SSL encrypted data to provide
decrypted application data. 

Claim 20 (Currently Amended): The method of claim 19 further including the step of
authenticating the data on receipt of a final TCP segment on a packet level without processing
the application data with an application layer of a TCP/IP stack.

Claim 21 (Original): The method of claim 19 further including the step of generating an alert if 
said step of authenticating results in a failure. 

Claim 22 (New) The device of claim 1, wherein the device comprises a network router.

Claim 23 (New) The method of claim 12, wherein decrypting data packets comprises decrypting 
the data packets at a packet level of a TCP/IP stack. 

Claim 24 (New) The method of claim 12, wherein decrypting data packets comprises: 
decrypting the data packets to extract a secure record, 
decrypting application data from the secure record, and 

authenticating the application data without processing the application data with an 
application layer of a TCP/IP stack. 

Claim 25 (New): A system comprising:
a client device; 

a plurality of server devices; and 

an intermediate device coupled between the client devices and the server devices, 
wherein the intermediate device intercepts a request from the client device for a secure
communication session, and

wherein, in response to the request, the intermediate device establishes a secure
communication session with the client device, selects one of the server devices based on resource
loading experienced by the server devices, and establishes a non-secure communication session
with the selected server device.

Claim 26 (New): The system of claim 25, wherein the intermediate device receives 
encrypted data from the client device via the secure communication session, decrypts the data 
and forwards the decrypted data to the selected server device via the non-secure communication 
session. 

Claim 27 (New): The system of claim 25, wherein the intermediate device receives 
unencrypted data from the selected server device via the non-secure communication session, 
encrypts the data and forwards the encrypted data to the client device via the secure 
communication session. 

Claim 28 (New): The system of claim 25, wherein the intermediate device comprises a 
network router. 